Why do I still need the ‘guest’ account? I thought it was replaced by origam_server user
The guest user has always been needed for anonymous access to API’s.
origam_server has been here too but before it was different for every installation, depending on the identity set to the application pool. So the typical user name for the server was e.g. IIS APPPOOL\origam. Server startup operations and work queue processing is executed under an identity of this user.
And what if the origam_server launches some workflow (from work-queue class processing). How the application roles are applied?
The roles assigned to the origam_server are applied just as for any other user, e.g. row-level-security etc. The only exception is that the server processes all active work queues whereas the users only see work queues depending on their roles setting.
And why it’s not possible to start a server without ‘guest’ account in BusinessPartner table?
Because the server needs to access data to authenticate the user before he signs in. This is done under an anonymous identity yet, therefore it uses the guest account.